[strongSwan] sha2_256_96 and IKEv2
gabriel at vlasiu.net
Mon Apr 19 13:53:54 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 19 Apr 2010, Martin Willi wrote:
> sha2_256_96 is a non-standard algorithm allocated in the private range.
> As this number might be used differently by other implementations,
> charon has to know that it is talking to charon. This is strictly
> required starting with 4.3.6 and can be achieved by sending the
> strongSwan vendor ID. charon sends a Vendor ID if the
> charon.send_vendor_id strongswan.conf option is set.
I see... Thank you.
Any drawbacks if I set this?
> However, I'd recommend to use the standardized sha2_256 algorithm that
> uses 128bit instead of the Linux specific 96bit truncation scheme. It is
> supported starting with Linux 2.6.33.
Well, I would like to use sha2_256 but unfortunately I can not change the
kernel for now.
// Gabriel VLASIU
// OpenGPG-KeyID : 0xE684206E
// OpenGPG-Fingerprint: 0C3D 9F8B 725D E243 CB3C 8428 796A DB1F E684 206E
// OpenGPG-URL : http://www.vlasiu.net/public.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Users